14th International SAOIM

SAOIM Workshop – Practical Information Security

PDF Practical Information Security


PDF Pratical Information Security _ OSINT Social Media Search Supplement

Supplemental workshop links:
Part 1 –
■ The 10 Most Abused Top Level Domains List – Krebs / Spamhaus

Part 2 –
■ “How to Build a Social Media Protection Program: A 10-step Guide” (11 April 2018)
■ “The Password to Your IoT Device is just a Google Search Away” (22 March 2018)
■ “A Real-Life Hacker Reveals What You Should Stop Doing Online” (14 June 2018)
■ “Removing Yourself from the Internet” (24 April 2018)

Part 3 –
■ “The Best Twitter Search Tricks” (2 November 2017)
Creepy – a geolocation OSINT tool. Offers geolocation information gathering through social networking platforms. Video demonstration.
■ “How to stay totally anonymous online” (07 May 2018)
Instagram Finder search: instagramfinder.net/tags/@{TwitterHandle}
■ Pocket https://getpocket.com
South Africa on Shodan (list of available countries)
■ Strava results on Google (link)
■ Video: “Deep Dive Into the Dark Web (OSINT Style)” by @kirbstr (Feb 2018)
■ Visual Graph of Videos on YouTube: Yasiv

SAOIM Keynote – Supplemental Resources

From LibrarySherpa to InfoSecSherpa (Slide 3)

■ 3-part interview with Jo Wood from the Librarians With Lives podcast, episodes 19-20-21. 
Unusual Journeys into InfoSec, Part 17: InfoSecSherpa

Current State of the Information Security Industry (Slide 4)

Global cyber crime worth $1.5tn a year, study says (20 April 2018, Computer Weekly)
Cybersecurity Spending Poised to Rise in 2018, Gartner Reports (12 December 2017, Security Intelligence)
Cybersecurity Has a Serious Talent Shortage. Here’s How to Fix It. (04 March 2017, Harvard Business Review)
Women, Minorities Largely Absent from Cybersecurity Jobs (30 January 2017, Society for Human Resource Management)

How Did We Get Here? (Slide 5)

Brief History of the Internet (1997, Internet Society)
Net of Insecurity: A Disaster Foretold and Ignored. L0pht’s warnings about the Internet drew notice but little action. (22 June 2015, Washington Post)
The Cybersecurity 202: These hackers warned Congress the internet was not secure. 20 years later, their message is the same. (23 May 2018, Washington Post)
■ Video: BSides Northern Virginia keynote address by Matt Devost (February 2018)
The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage by Clifford Stoll (2005)

Get to Know InfoSec Vocabulary! (Slide 8)

Duo Security InfoSec Glossary
Private US-based security company

ISACA Cybersecurity Fundamentals Glossary
Information Systems Audit and Control Association (previously)

■ NCSC Glossary
National Cyber Security Centre (UK)

■ NICCS A Glossary of Common Cybersecurity Terminology
National Initiative for Cybersecurity Careers and Studies

■ NIST Glossary of Key Information Security Terms
National Institute of Standards and Technology

■ SANS Glossary of Security Terms
SANS Institute

Resources, Part 1 (Slide 20)

Congressional Research Reports

Cybersecurity 500

Cybersecurity Canon by Palo Alto Networks

DBIR by Verizon (Data Breach Investigations Report)


■ Certifications – Network+, Security+, CISSP, SANS, and more

■ Conferences – RSA, BlackHat, Gartner Security & Risk Management Summit, Security BSides, DerbyCon, ShmooCon, DEF CON, and more

■ Podcasts – Defensive Security, Security Now!, and 35 of the Best Information Security Podcasts to Follow

■ Professional Associations – ISACA, ISC(2), ISSA, OWASPIAPP, and more

Resources, Part 2 (Slide 21)

ArsTechnica Security
■ BankInfoSecurity.com
■ BleepingComputer.com
■ CSOonline.com –> The security laws, regulations and guidelines directory
Krebs on Security also follow on Twitter @briankrebs
ZeroFOX – sign up for their newsletter about social media related security

African Cybersecurity Resources
(no slide in presentation, this is a supplement)

@iAfrikan Newsletters (daily or weekly) https://www.iafrikan.com/newsletters/
Africa Cyber Security Conference (24-26 October 2018 in Abidjan, Côte d’Ivoire)
@she_secures or https://shesecures.org/
[A Nigeria-based organization for women interested in cybersecurity.]
■ “Cyber crime and cyber security trends in Africa: Report” (03 October 2017)
Risk Africa Magazine (keyword search cybersecurity)
AfricaHackOn (26-27 June 2018 in Nairobi, Kenya)
■ “Cybersecurity trends – what’s in store for South Africa in 2018” (18 January 2018)
IT News Africa (keyword search cybersecurity)
Africa Cyber Defence Summit (9-10 July in Nairobi, Kenya)

CIA Triad: Integrity
Get to know your physical security! (Slide 27)

Hak5 tools

Full keynote presentation slides

Keynote SAOIM